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Rubenstein, Sal Stolfo 

October 2003 Proceedings of the 2003 ACM workshop on Survivable and self-regenerative 
systems: in association with 10th ACM Conference on Computer and 
Communications Security SSRS '03 

Publisher: ACM Press 
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We present SABER (Survivability Architecture: Block, Evade, React), a proposed survivability 
architecture that blocks, evades and reacts to a variety of attacks by using several security and 
survivability mechanisms in an automated and coordinated fashion. Contrary to the ad hoc manner 
in which contemporary survivable systems are built - using isolated, independent security 
mechanisms such as firewalls, intrusion detection systems and software sandboxes - SABER 
integrates several different techno ... 



Keywords: intrusion detection, overlay networks, survivability 



Protecting web servers from distributed denial of service attacks 
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April 2001 Proceedings of the 10th international conference on World Wide Web WWW '01 
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security 



Scalable Networked Information Processing Environment (SNIPE) 
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Publisher: ACM Press 




SNIPE is a metacomputing system that aims to provide a reliable, secure, fault-tolerant environment 
for long-term distributed computing applications and data stores across the global InterNet. This 
system combines global naming and replication of both processing and data to support large scale 
information processing applications leading to better availability and reliability than currently 
available with typical cluster computing and/or distributed computer environments. 

Keywords: MetaComputing, RCDS, SNIPE, reliable, scalable, secure 
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Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific 
practical data processing systems in the 1980s. As we have come to rely on these systems to 
process and store data, we have also come to wonder about their ability to protect valuable data. 

Data security is the science and study of methods of protecting data in computer and 
communication systems from unauthorized disclosure ... 

The consensus problem in fault-tolerant computing 

Michael Barborak, Anton Dahbura, Miroslaw Malek 

June 1993 ACM Computing Surveys (CSUR), Volume 25 Issue 2 

Publisher: ACM Press 

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7 Security: LIGER: implementing efficient hybrid security mechanisms for heterogeneous sensor 
networks 

Patrick Traynor, Raju Kumar, Hussain Bin Saad, Guohong Cao, Thomas La Porta 
June 2006 Proceedings of the 4th international conference on Mobile systems, applications 
and services MobiSys 2006 

Publisher: ACM Press 




The majority of security schemes available for sensor networks assume deployment in areas without 
access to a wired infrastructure. More specifically, nodes in these networks are unable to leverage 
key distribution centers (KDCs) to assist them with key management. In networks with a 
heterogeneous mix of nodes, however, it is not unrealistic to assume that some more powerful 
nodes have at least intermittent contact with a backbone network. For instance, an air-deployed 
battlefield network may ha ... 

Keywords: heterogeneous sensor networks, hybrid network security, probabilistic authentication, 
probabilistic key management 
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Theodore A. Linden 
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Mining anomalies using traffic feature distributions 
Anukool Lakhina, Mark Crovella, Christophe Diot 

August 2005 ACM SIGCOMM Computer Communication Review, Proceedings of the 2005 
conference on Applications, technologies, architectures, and protocols for computer 
communications SIGCOMM '05, Volume 35 Issue 4 

Publisher: ACM Press 




The increasing practicality of large-scale flow capture makes it possible to conceive of traffic analysis 
methods that detect and identify a large and diverse set of anomalies. However the challenge of 
effectively analyzing this massive data source for anomaly diagnosis is as yet unmet. We argue that 
the distributions of packet features (IP addresses and ports) observed in flow traces reveals both 
the presence and the structure of a wide range of anomalies. Using entropy as a summarization 
tool, ... 






Keywords: anomaly classification, anomaly detection, network-wide traffic analysis 



10 



Special issue on wireless pan & sensor networks: Design and analysis of Hybrid Indirect 
Transmissions (HIT) for data gathering in wireless micro sensor networks 
Benjamin J. Culpepper, Lan Dung, Melody Moh 

January 2004 ACM SIGMOBILE Mobile Computing and Communications Review, Volume 8 issue 1 

Publisher: ACM Press 

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Sensor networks have many potential applications in biology, physics, medicine, and the military. 
One major challenge in sensor networks is to maximize network life under the constraint of limited 
power supply. The paper addresses energy-efficiency in the context of routing and data gathering. A 
new protocol is proposed: Hybrid Indirect Transmission (HIT). HIT is based on a hybrid architecture 
that consists of one or more clusters, each of which is based on multiple, multi-hop indirect 
transmiss 

Survey of network-based defense mechanisms countering the DoS and DDoS problems 

Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao 

April 2007 ACM Computing Surveys (CSUR), Volume 39 issue 1 

Publisher: ACM Press 




This article presents a survey of denial of service attacks and the methods that have been proposed 
for defense against these attacks. In this survey, we analyze the design decisions in the Internet 
that have created the potential for denial of service attacks. We review the state-of-art mechanisms 
for defending against denial of service attacks, compare the strengths and weaknesses of each 
proposal, and discuss potential countermeasures against each defense mechanism. We conclude by 
highligh ... 

Keywords: Botnet, DDoS, DNS reflector attack, DoS, IP spoofing, IP traceback, IRC, Internet 
security, SYN flood, VoIP security, bandwidth attack, resource management 



Security Mechanisms in High-Level Network Protocols 
Victor L. Voydock, Stephen T. Kent 

June 1983 ACM Computing Surveys (CSUR), Volume 15 issue 2 
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The relational model for database management: version 2 

E. F. Codd 

January 1990 Book 

Publisher: Addison-Wesley Longman Publishing Co., Inc. 

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An important adjunct to precision is a sound theoretical foundation. The relational model is solidly 
based on two parts of mathematics: first-order predicate logic and the theory of relations. This book, 
however, does not dwell on the theoretical foundations, but rather on all the features of the 
relational model that I now perceive as important for database users, and therefore for DBMS 
vendors. My perceptions result from 20 y ... 

Measurement: Automatically inferring patterns of resource consumption in network traffic 
Cristian Estan, Stefan Savage, George Varghese 

August 2003 Proceedings of the 2003 conference on Applications, technologies, architectures, 
and protocols for computer communications SIGCOMM '03 

Publisher: ACM Press 

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The Internet service model emphasizes flexibility -- any node can send any type of traffic at any 
time. While this design has allowed new applications and usage models to flourish, it also makes the 
job of network management significantly more challenging. This paper describes a new method of 
traffic characterization that automatically groups traffic into minimal clusters of conspicuous 
consumption. Rather than providing a static analysis specialized to capture flows, applications, or 
network-to ... 

Keywords: data mining, network monitoring, traffic measurement 
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Link and channel measurement: A simple mechanism for capturing and replaying wireless 
channels 

Glenn Judd, Peter Steenkiste 

August 2005 Proceeding of the 2005 ACM SIGCOMM workshop on Experimental approaches to 
wireless network design and analysis E-WIND '05 

Publisher: ACM Press 


Physical layer wireless network emulation has the potential to be a powerful experimental tool. An 
important challenge in physical emulation, and traditional simulation, is to accurately model the 
wireless channel. In this paper we examine the possibility of using on-card signal strength 
measurements to capture wireless channel traces. A key advantage of this approach is the simplicity 
and ubiquity with which these measurements can be obtained since virtually all wireless devices 
provide the req ... 

Keywords: channel capture, emulation, wireless 



16 Illustrative risks to the public in the use of computer systems and related technology 
Peter G. Neumann 

January 1996 ACM SIGSOFT Software Engineering Notes, Volume 21 issue 1 

Publisher: ACM Press 




Technical papers: Imaging and visual analysis— Detecting distributed scans using 
high-performance query-driven visualization 

Kurt Stockinger, E. Wes Bethel, Scott Campbell, Eli Dart, Kesheng Wu 

November 2006 Proceedings of the 2006 ACM/IEEE conference on Supercomputing SC '06 

Publisher: ACM Press 


Modern forensic analytics applications, like network traffic analysis, perform high-performance 
hypothesis testing, knowledge discovery and data mining on very large datasets. One essential 
strategy to reduce the time required for these operations is to select only the most relevant data 
records for a given computation. In this paper, we present a set of parallel algorithms that 
demonstrate how an efficient selection mechanism — bitmap indexing — significantly speeds up a 
common analysis task, ... 

Keywords: data mining, network connection analysis, network security, query-driven visualization, 
visual analytics 



Internet traffic classification using bayesian analysis techniques 
Andrew W. Moore, Denis Zuev 

June 2005 ACM SIGMETRICS Performance Evaluation Review, Proceedings of the 2005 ACM 
SIGMETRICS international conference on Measurement and modeling of computer 
systems SIGMETRICS '05, Volume 33 Issue 1 



Publisher: ACM Press 
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Accurate traffic classification is of fundamental importance to numerous other network activities, 
from security monitoring to accounting, and from Quality of Service to providing operators with 
useful forecasts for long-term provisioning. We apply a Naive Bayes estimator to categorize traffic 
by application. Uniquely, our work capitalizes on hand-classified network data, using it as input to a 
supervised Naive Bayes estimator. In this paper we illustrate the high level of accuracy ach ... 

Keywords: flow classification, internet traffic, traffic identification 



Defeating DDoS attacks by fixing the incentive chain 
Yun Huang, Xianjun Geng, Andrew B. Whinston 

February 2007 ACM Transactions on Internet Technology (TOIT), Volume 7 issue 1 

Publisher: ACM Press 


Cooperative technological solutions for Distributed Denial-of-Service (DDoS) attacks are already 
available, yet organizations in the best position to implement them lack incentive to do so, and the 
victims of DDoS attacks cannot find effective methods to motivate them. In this article we discuss 
two components of the technological solutions to DDoS attacks: cooperative filtering and 
cooperative traffic smoothing by caching. We then analyze the broken incentive chain in each of 
these technologica ... 
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Keywords: Denial-of-service, incentive, pricing, security 

20 Miscellaneous I: A wavelet-based framework for proactive detection of network 
misconfigurations 

Antonio Magnaghi, Takeo Hamada, Tsuneo Katsuyama 

September 2004 Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: 
research, theory and operations practice meet malfunctioning reality NetT '04 

Publisher: ACM Press 


An increasing number of misconfigurations and malicious behaviors threaten the normal operation 
conditions of data networks. Thus, field engineers are constantly presented with the challenge of 
isolating new misconfigurations and anomalies. In this paper, we present a group of real-world 
problems reported by a set of six commercial networks we surveyed. Successively, we focus on a 
well-defined family of misconfigurations. Our analysis identifies common properties such anomalous 
behaviors share. ... 

Keywords: misconfiguration, network performance, retransmissions, wavelets 
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